Offensive Security Engineer

About Rippling

Rippling gives businesses one place to run HR, IT, and Finance. It brings together all of the workforce systems that are normally scattered across a company, like payroll, expenses, benefits, and computers. For the first time ever, you can manage and automate every part of the employee lifecycle in a single system.

Take onboarding, for example. With Rippling, you can hire a new employee anywhere in the world and set up their payroll, corporate card, computer, benefits, and even third-party apps like Slack and Microsoft 365—all within 90 seconds.

Based in San Francisco, CA, Rippling has raised $1.4B+ from the world’s top investors—including Kleiner Perkins, Founders Fund, Sequoia, Greenoaks, and Bedrock—and was named one of America's best startup employers by Forbes.

We prioritize candidate safety. Please be aware that all official communication will only be sent from @Rippling.com addresses.

About The Role

Rippling is looking for a hands-on Security Engineer – Offensive Security to join our growing security team. In this role, you’ll design and execute offensive security initiatives that challenge our defenses, shape detection capabilities, and strengthen the resilience of a platform spanning HR, IT, Payments, Identity, and Infrastructure.

As an early member of the Red Team, you’ll apply an attacker’s mindset across Rippling’s people, processes, and technology—running realistic adversary simulations, uncovering vulnerabilities, and driving threat-informed defense across our most critical assets. This is a rare opportunity to have meaningful scope and visibility while building a program that influences company-wide security strategy.

About The Team

Our security engineering team is a diverse group of builders, breakers, and problem solvers. We partner closely with Engineering to design scalable solutions and rethink traditional security models for a rapidly growing ecosystem.

We recently shared our work at:

• Our Infrastructure Security team shared a blog about how they streamlined AWS access
• We spoke at BSides SF about attacking and defending infrastructure with terraform
• Our Product Security Director talked about the Strategies to Scale Security in Expanding Organizations

What You'll Do

• Design and execute covert Red Team operations to measure Rippling’s readiness against advanced adversaries
• Conduct threat emulation, assumed breach, and purple team exercises across cloud infrastructure, endpoints, applications, and identity systems
• Build custom tooling and automation to accelerate offensive operations and reduce manual effort
• Partner with Blue Teams to improve detection and response engineering, aligning with MITRE ATT&CK and real-world TTPs
• Influence security investment and prioritization across Engineering, Operations, Finance, and Sales through threat-informed insights
• Lead post-engagement debriefs with technical teams and senior leadership, translating risk into clear, actionable recommendations

Qualifications

• 2+ years in an offensive security or Red Team role (or equivalent hands-on experience)
• Demonstrated ability to break down complex problems into measurable, solvable components
• Proficiency in scripting (Python, PowerShell, Bash) and building Red Team tooling
• Experience automating offensive workflows and comfort with software development practices
• Hands-on experience with C2 frameworks (Cobalt Strike, Mythic, or custom-built alternatives)
• Deep understanding of attacker TTPs and common detection/response patterns
• Experience conducting or guiding cross-team architectural changes to reduce systemic risk
• Familiarity with cloud environments (AWS), SaaS ecosystems, and modern identity systems (SSO, OAuth, SAML, MFA)
• Excellent written and verbal communication, with the ability to translate technical risk for non-technical stakeholders

Key skills/competency

• Offensive Security Engineering
• Red Teaming
• Adversary Simulations
• Vulnerability Discovery
• Threat Emulation
• C2 Frameworks
• Cloud Security (AWS)
• Scripting (Python, PowerShell, Bash)
• Detection and Response
• Security Strategy